The Community for Technology Leaders
RSS Icon
Issue No.05 - September/October (2010 vol.8)
pp: 20-26
J. Ryan Kenny , CPU Technology
Craig Robinson , CPU Technology
The recent development of high-security processors and hardware is substantially changing embedded software tools, shedding light on security in the embedded development environment. The process of developing, certifying, and implementing a secure processor has several challenges that can be compared to providing deadbolts for residential properties. The deadbolt itself, no matter how well designed and tested, offers little security if it isn't installed correctly. Even more significantly, the deadbolt is useless if the owner doesn't lock it at night. These problems are similar for secure hardware—if system developers implement them incorrectly and end users don't employ security configurations, the processor's security properties are of no value in the end system. Instituting security policy in the hardware has all of the hallmarks of traditional security software: user authentication (security engineer only), preventing the impact of users or operating code on security settings, command integrity and verification, and keeping security policy audit log settings. In this article, the authors define the embedded end markets affected by embedded software assurance issues, then examine ways in which security and assurance capabilities are partitioned in hardware and software. They then examine the problems inherent to configuring secure hardware and offers a list of considerations and testing issues for providers interested in improving their embedded security environments to support secure hardware and processors.
secure processor, embedded security, security configuration
J. Ryan Kenny, Craig Robinson, "Embedded Software Assurance for Configuring Secure Hardware", IEEE Security & Privacy, vol.8, no. 5, pp. 20-26, September/October 2010, doi:10.1109/MSP.2010.150
1. "Gartner Says Worldwide Security Software Market on Pace to Grow 8 Per Cent in 2009," Gartner Research, 21 Sept. 2009;
2. "Security Separation of Multi-Core Processors," white paper, CPU Tech., Sept. 2009; .
3. S. Mao and T. Wolf, "Hardware Support for Secure Processing in Embedded Systems," Proc. Design Automation Conference (DAC 07), 2007; .
4. N. Lawson, "Side-Channel Attacks on Cryptographic Software," IEEE Security & Privacy, vol. 7, no. 6, 2009, pp. 65–68.
5. "Building a Secure System Using TrustZone Technology," ARM application note, 2009; com.arm.doc.prd29-genc-009492c.
6. "Malware Turns Software Compilers into Malware Breeders," blog, 21 Aug. 2009;
7. FIPS 140-2 Security Requirements for Cryptographic Modules, US Nat'l Inst. Standards and Technology (NIST), 25 May 2001; .
50 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool